Google Faces French Fine for Breach of Privacy

Joel Reidenberg in The New York Times, March 21, 2011

Media Source

By ERIC PFANNER

PARIS — Google’s privacy problems mounted Monday as French regulators fined the company for violating data protection laws and accused it of continuing to flout the rules even though it acknowledged mistakes in collecting data for an online mapping service.

The privacy watchdog agency imposed a fine of 100,000 euros ($142,000), saying Google had been insufficiently forthcoming about privacy violations involving its Street View service, which enhances Internet maps with pictures. French officials also said that Google continued to break privacy rules in operating a mobile app called Latitude, which lets users broadcast their location and pinpoint the whereabouts of friends.

Google has admitted, and apologized for, gathering e-mail, computer passwords and other information from private Wi-Fi networks without the owners’ knowledge as camera-equipped Street View cars roamed the world’s streets.

But the French authority said that Google had steadfastly refused to turn over the full source code for software used in gathering the Street View data. And the privacy watchdog said users of Latitude were not informed that Google tracked their movements to enhance its database of Wi-Fi information.

“When they use Latitude, they become a Google agent,” said Yann Padova, secretary general of the privacy agency, the National Commission for Information Technology and Freedoms.

Mr. Padova said the fine would close the agency’s investigation related to Street View. But he added that if Google continued operating Latitude as it does now, it could face additional sanctions.

Google has the right to appeal the decision, but did not say on Monday whether it would. The company said that the commission’s move to close the inquiry into Street View would allow it to delete the personal data that it had collected from its interception of Wi-Fi communications by Street View cars, and which had been stored as the agency investigated.

“As we have said before, we are profoundly sorry for having mistakenly collected payload data from unencrypted Wi-Fi networks,” Peter Fleischer, Google’s global privacy counsel, said in a statement. “As soon as we realized what had happened, we stopped collecting Wi-Fi data from our Street View cars and immediately informed the authorities. Deleting the data has always been our priority.”

Google did not comment on the commission’s concerns about Latitude.

As a privacy control, the company already requires users of that service to approve the disclosure of their location. Mr. Padova said it would be a “major improvement” if Google informed French users that their phones would be used to collect data on Wi-Fi networks. But he said Google had told him it did not need to do so because the information was processed outside France — an argument that did not satisfy Mr. Padova.

“If a French company goes to America it has to operate under U.S. law,” he said. “The big problem is Google doesn’t seem to think European law is applicable to its services.”

Privacy officials in more than two dozen countries have been investigating Street View, but the French agency is one of the first to act against Google. In Britain, for example, the Information Commissioner’s Office said last November that Google had committed a “significant breach” of the law, but did not fine the company. In the United States, the Federal Trade Commission dropped an investigation last year, though the Federal Communications Commission has been investigating separately.

Joel R. Reidenberg, a Fordham University law professor who studies Internet privacy issues, said the decision sent “a powerful message” that the French privacy commission was “serious about enforcement and is willing to use its enhanced authority.”

The agency, he added, is “sending a signal to its counterparts in Europe that data protection authorities should step up their enforcement activities, since the same activity occurred elsewhere in Europe.”